By Graeme Zwart, Head of Security
The Payment Card Industry Data Security Standard (PCI DSS) is the global industry standard and our holy grail when it comes to the secure handling of cardholder information. It provides a framework for data security processes, including preventing, detecting, and reacting to security incidents. This month, PXP Financial has received its 12th consecutive accreditation, a Level 1 Service Provider certification for ANYPay and PC-EFT.
Our clients’ security is of paramount importance to us; they need to know that our systems are secure and reliable, and that if they take a payment, their customers’ details will not be compromised. That’s why we’ve ensured that we regularly work towards and achieve the latest in accreditation from PCI DSS. The certificate shows that PXP Financial will, across every stage of our end-to-end payments processing:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management programme
- Implement strong security measures
- Regularly test and monitor networks
- Maintain an information security policy
Selling securely, shopping securely
Compromised data negatively affects everyone in the payments process, from consumers to merchants and financial institutions. We’ve all seen how just one incident can severely damage a merchant’s reputation and their ability to conduct business effectively, far into the future. What’s more, data breaches can lead to catastrophic loss of sales, important partner relationships and brand trust - not to mention potentially damaging lawsuits, insurance claims or fines.
It’s for this reason that every merchant or payment service provider that processes, stores or transmits any cardholder data must comply with the standard. Whether you conduct a few payments a day, or millions of transactions every year, it’s relevant to your business.
Ensuring PCI DSS compliance across the delivery chain is a guarantee to customers that your systems are secure, and that they can trust you with their identifiable card information. And as compliance applies to the physical environment, as well as the administrative and the tech side of the business, it must be updated regularly. It’s an ongoing process, but one that is required by payment brand rules. According to them, all merchants and their service providers are required to comply with the PCI DSS in its entirety.
Underestimating the importance of PCI DSS can lead to security flaws and ultimately compromised data. This can damage consumer trust in a brand, and can severely tarnish a reputation. It will certainly make customers think twice about sharing that kind of data with you again.